嵌入式系统：用mbedtls 3.6实现RSA - 2048 PKCS1验签功能的C代码

# RSA-2048 PKCS1 验签实现 (mbedtls 3.6) 以下是一个使用mbedtls 3.6库实现RSA-2048 PKCS1验签功能的C语言代码示例。这个代码适用于嵌入式系统，公钥以模数(n)和指数(e)的uint8数组形式给出。 ```c #include <string.h> #include "mbedtls/pk.h" #include "mbedtls/md.h" #include "mbedtls/error.h" #define RSA_KEY_SIZE 256 // 2048 bits = 256 bytes int rsa_verify_pkcs1( const uint8_t *n, // RSA modulus (big-endian) const uint8_t *e, // RSA public exponent (big-endian) size_t e_len, // Length of public exponent const uint8_t *msg, // Message to verify size_t msg_len, // Message length const uint8_t *sig, // Signature to verify size_t sig_len, // Signature length (must be RSA_KEY_SIZE) int hash_alg // MBEDTLS_MD_XXX (e.g. MBEDTLS_MD_SHA256) ) { int ret = 0; mbedtls_pk_context pk; mbedtls_mpi mpi_n, mpi_e; // Initialize structures mbedtls_pk_init(&pk); mbedtls_mpi_init(&mpi_n); mbedtls_mpi_init(&mpi_e); // Import modulus (n) and exponent (e) into MPI if ((ret = mbedtls_mpi_read_binary(&mpi_n, n, RSA_KEY_SIZE)) != 0) { printf("Failed to read modulus: -0x%04X\n", -ret); goto cleanup; } if ((ret = mbedtls_mpi_read_binary(&mpi_e, e, e_len)) != 0) { printf("Failed to read exponent: -0x%04X\n", -ret); goto cleanup; } // Setup PK context with RSA key if ((ret = mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA))) != 0) { printf("Failed to setup PK context: -0x%04X\n", -ret); goto cleanup; } // Set the RSA key components (only n and e needed for verification) if ((ret = mbedtls_rsa_import(mbedtls_pk_rsa(pk), &mpi_n, NULL, NULL, NULL, &mpi_e)) != 0) { printf("Failed to import RSA key: -0x%04X\n", -ret); goto cleanup; } // Complete the RSA key setup if ((ret = mbedtls_rsa_complete(mbedtls_pk_rsa(pk))) != 0) { printf("Failed to complete RSA key: -0x%04X\n", -ret); goto cleanup; } // Set padding to PKCS1 v1.5 if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V15, hash_alg)) != 0) { printf("Failed to set padding: -0x%04X\n", -ret); goto cleanup; } // Verify the signature ret = mbedtls_pk_verify(&pk, hash_alg, msg, msg_len, sig, sig_len); if (ret != 0) { printf("Verification failed: -0x%04X\n", -ret); } cleanup: mbedtls_mpi_free(&mpi_n); mbedtls_mpi_free(&mpi_e); mbedtls_pk_free(&pk); return ret; } // Example usage: int example_usage() { uint8_t n[RSA_KEY_SIZE] = { /* your modulus here */ }; uint8_t e[] = { /* your exponent here, typically 0x01, 0x00, 0x01 for 65537 */ }; uint8_t message[] = "This is the message to verify"; uint8_t signature[RSA_KEY_SIZE] = { /* the signature to verify */ }; int ret = rsa_verify_pkcs1( n, e, sizeof(e), message, sizeof(message) - 1, // -1 to exclude null terminator signature, sizeof(signature), MBEDTLS_MD_SHA256 ); if (ret == 0) { printf("Signature is valid\n"); } else { printf("Signature is invalid\n"); } return ret; } ``` ## 注意事项 1. 确保你的mbedtls配置启用了RSA和相应的哈希算法（如SHA-256），通常在`mbedtls_config.h`中配置。 2. 输入的公钥模数(n)和指数(e)必须是大端格式（big-endian），这是mbedtls的默认格式。 3. 签名长度必须与RSA密钥大小匹配（2048位=256字节），否则验签会失败。 ######[AI写代码神器 | 1210点数解答 | 2025-07-10 10:09:35]